// For flags

CVE-2023-40839

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.

La función "sub_ADF3C" de Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin contiene una vulnerabilidad de ejecución de comandos. En la función "formSetIptv", al obtener los campos "list" y "vlanId", sin filtrar pasa estos dos campos como parámetros a la función "sub_ADF3C" para ejecutar comandos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-08-22 CVE Reserved
  • 2023-08-30 CVE Published
  • 2024-10-01 CVE Updated
  • 2024-10-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL Tag Source
https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tenda
Search vendor "Tenda"
 Ac6 Firmware
Search vendor "Tenda" for product "Ac6 Firmware"
 15.03.05.16
Search vendor "Tenda" for product "Ac6 Firmware" and version "15.03.05.16"
-
Affected
in Tenda
Search vendor "Tenda"
 Ac6
Search vendor "Tenda" for product "Ac6"
 1.0
Search vendor "Tenda" for product "Ac6" and version "1.0"
-
Safe